PT-2020-20362 · Google · Asylo

Kang Li +3 · Published 2020-08-12 · Updated 2020-08-13 · CVE-2020-8905

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Asylo versions prior to 0.6.0

Description

A buffer length validation issue allows an attacker to read unauthorized data. The `enc_untrusted_recvfrom` function generates a return value that is deserialized by `MessageReader` and copied into three extents. The length of the third extent is controlled by external input and is not verified on copy, which lets the attacker force Asylo to copy trusted memory data into a small untrusted buffer.

Recommendations

Update Asylo to version 0.6.0 or later.
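
The class of check the description says was missing, as an added example (not Asylo's code and not its actual fix): each deserialized extent length is validated against the bytes received, and the third extent against the destination capacity, before any copy. The wire format, function names and sample replies are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not Asylo's MessageReader):
 * each extent is a 4-byte little-endian length followed by its payload. */
typedef struct { const uint8_t *data; size_t len; } extent_t;

/* Split msg into exactly `count` extents. Every declared length is checked
 * against the bytes actually received. Returns 0 on success, -1 on error. */
int read_extents(const uint8_t *msg, size_t msg_len,
                 extent_t *out, size_t count) {
    size_t off = 0;
    for (size_t i = 0; i < count; i++) {
        if (msg_len - off < 4) return -1;
        uint32_t n = (uint32_t)msg[off] | (uint32_t)msg[off + 1] << 8 |
                     (uint32_t)msg[off + 2] << 16 | (uint32_t)msg[off + 3] << 24;
        off += 4;
        if (n > msg_len - off) return -1;  /* extent runs past the message */
        out[i].data = msg + off;
        out[i].len = n;
        off += n;
    }
    return off == msg_len ? 0 : -1;        /* reject trailing bytes */
}

/* Copy the third extent into dst only if it fits the destination capacity.
 * Returns the number of bytes copied, or -1 if the reply is rejected. */
long copy_third_extent(const uint8_t *msg, size_t msg_len,
                       uint8_t *dst, size_t dst_cap) {
    extent_t ext[3];
    if (read_extents(msg, msg_len, ext, 3) != 0) return -1;
    if (ext[2].len > dst_cap) return -1;   /* externally supplied length vs. buffer */
    memcpy(dst, ext[2].data, ext[2].len);
    return (long)ext[2].len;
}

/* Constructed sample replies: two 1-byte extents, then a third extent. */
const uint8_t REPLY_OK[]   = {1,0,0,0,'A', 1,0,0,0,'B', 2,0,0,0,'C','D'};
/* Third extent is well-formed but larger than a 4-byte destination. */
const uint8_t REPLY_LONG[] = {1,0,0,0,'A', 1,0,0,0,'B', 8,0,0,0,
                              'C','D','E','F','G','H','I','J'};
/* Third extent declares 255 bytes but only 1 byte follows. */
const uint8_t REPLY_LIE[]  = {1,0,0,0,'A', 1,0,0,0,'B', 0xff,0,0,0,'C'};
```
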

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2020-8905

Affected Products

Asylo